Vulnerabilities > Fedoraproject > Extra Packages FOR Enterprise Linux > 7.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-16 | CVE-2023-6395 | The Mock software contains a vulnerability wherein an attacker could potentially exploit privilege escalation, enabling the execution of arbitrary code with root user privileges. | network, low complexity; rpm-software-management, fedoraproject; critical; 9.8 |
| 2023-12-24 | CVE-2023-51766 | Insufficient Verification of Data Authenticity vulnerability in multiple products: Exim before 4.97.1 allows SMTP smuggling in certain PIPELINING/CHUNKING configurations. | network, low complexity; exim, fedoraproject, debian; CWE-345; 5.3 |
| 2023-11-09 | CVE-2023-5543 | When duplicating a BigBlueButton activity, the original meeting ID was also duplicated instead of using a new ID for the new activity. | local, low complexity; moodle, fedoraproject; 3.3 |
| 2023-11-09 | CVE-2023-5539 | Code Injection vulnerability in multiple products: A remote code execution risk was identified in the Lesson activity. | network, low complexity; moodle, fedoraproject; CWE-94; 8.8 |
| 2023-11-09 | CVE-2023-5540 | Code Injection vulnerability in multiple products: A remote code execution risk was identified in the IMSCP activity. | network, low complexity; moodle, fedoraproject; CWE-94; 8.8 |
| 2023-11-09 | CVE-2023-5542 | Exposure of Resource to Wrong Sphere vulnerability in multiple products: Students in "Only see own membership" groups could see other students in the group, which should be hidden. | network, low complexity; moodle, fedoraproject; CWE-668; 4.3 |
| 2023-11-09 | CVE-2023-5545 | Exposure of Resource to Wrong Sphere vulnerability in multiple products: H5P metadata automatically populated the author with the user's username, which could be sensitive information. | network, low complexity; moodle, fedoraproject; CWE-668; 5.3 |
| 2023-11-09 | CVE-2023-5548 | Insufficient Verification of Data Authenticity vulnerability in multiple products: Stronger revision number limitations were required on file serving endpoints to improve cache poisoning protection. | network, low complexity; moodle, fedoraproject; CWE-345; 5.3 |
| 2023-11-09 | CVE-2023-5549 | Improper Privilege Management vulnerability in multiple products: Insufficient web service capability checks made it possible to move categories a user had permission to manage, to a parent category they did not have the capability to manage. | network, low complexity; moodle, fedoraproject; CWE-269; 5.3 |
| 2023-11-09 | CVE-2023-5550 | In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user who also has direct access to the web server outside of the Moodle webroot could utilise a local file include to achieve remote code execution. | network, low complexity; moodle, fedoraproject; critical; 9.8 |